Quick step-by-step TMG SP2 install guide

Service Pack 2 (SP2) was recently released for Microsoft’s firewall product Forefront Threat Management Gateway (TMG). I upgraded my lab VM this morning and it was nice and simple, the whole process took under 10 minutes. I thought I’d just grab some screenshots of what to expect and post them here for reference.

Preparation

First up it looks like SP2 isn’t a cumulative so you can’t just install it over the top of a fresh TMG install. You need to make sure you are running at least TMG SP1 with Update 1

To check if you have these updates go into control panel and then “Programs and Features” click “Installed Updates” on the left hand side & you should see all installed windows patches that are installed, including those for TMG

(screenshot taken after my SP2 install but you can see here the other updates I had installed)

Next we need to do some preparation & planning… for my environment I was installing TMG on a virtual machine so it was easy to take a snapshot so that if something went wrong I could simply revert the VM and start over. I’d strongly recommend you take a backup for the TMG array configuration before you started the Service Pack installation.

Microsoft also suggest that you can create a “clone array” where you create a new TMG array for the SP2 servers and then one by one remove nodes from your SP1 array, patch them and then join them to the SP2 array.

Next we need to download SP2 (here), chances are you are running 2008 R2 so you’ll need the x64 version of the patch. Make sure to store the patch locally on each server you are going to upgrade as during the installation TMG will enter “lock down” mode and so stop communicating on the network. To avoid any issues it’s best to have the patch locally on the machine.

Installation

It is normal here to loose network connectivity to the TMG while the services are stopped. At the end of the installation all things being well the TMG services should auto-start

No reboot is required at the end of the install

Open the TMG console and check its version information (Help / About TMG)

Post install tidy up

The installation took under 10 minutes from start to finish with about a 5 minute “down time” window when TMG wasn’t responding to requests

Don’t forget after a successful install to go back and tidy things up like removing any snapshots you created if it was a virtual machine (in Hyper-V you need to stop the VM before the snapshot file properly removed from disk!)

See my follow up post for some of the changes included in TMG SP2 & good luck with your installation…!